hook_node_grants

This hook is for implementation by node access modules. In this hook,
the module grants a user different "grant IDs" within one or more
"realms". In hook_node_access_records(), the realms and grant IDs are
associated with permission to view, edit, and delete individual nodes.

The realms and grant IDs can be arbitrarily defined by your node access
module; it is common to use role IDs as grant IDs, but that is not
required. Your module could instead maintain its own list of users, where
each list has an ID. In that case, the return value of this hook would be
an array of the list IDs that this user is a member of.

A node access module may implement as many realms as necessary to
properly define the access privileges for the nodes. Note that the system
makes no distinction between published and unpublished nodes. It is the
module's responsibility to provide appropriate realms to limit access to
unpublished content.

Node access records are stored in the {node_access} table and define which
grants are required to access a node. There is a special case for the view
operation -- a record with node ID 0 corresponds to a "view all" grant for
the realm and grant ID of that record. If there are no node access modules
enabled, the core node module adds a node ID 0 record for realm 'all'. Node
access modules can also grant "view all" permission on their custom realms;
for example, a module could create a record in {node_access} with:

If you decide to do this, be aware that the node_access_rebuild() function
will erase any node ID 0 entry when it is called, so you will need to make
sure to restore your {node_access} record after node_access_rebuild() is
called.

Parameters

$account
The user object whose grants are requested.

$op
The node operation to be performed, such as "view", "update", or "delete".

Return value

An array whose keys are "realms" of grants, and whose values are arrays of
the grant IDs within this realm that this user is being granted.